Ji3 the Claims 



The status of claims in the case is as follows: 



1 1. [Currently amended] A system for downloading security 

2 context elements that govern execution of agents, 

3 comprising: 

4 a list of identities of users authorized to execute 

5 said agents; 

6 downloadable cross certificates for verifying 

7 electronic signatures; 

8 signed agents in applications including signatory name 

9 and corresponding electronic signature; 

10 agent execution code and agent management services 

11 responsive to said cross certificates and said 

12 electronic signature for activating said signed agents. 

1 2. [Currently amended] A system for downloading security 

2 context elements that govern execution of downloadable and 
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3 distributable agents, comprising: 

4 a restricted agent list store for storing names of user 

5 identities of users authorized to execute restricted 

6 agents; 

7 an unrestricted agent list store for storing names of 

8 user identities of users authorized to execute 

9 unrestricted agents; 

10 downloadable cross certificates for use in verifying 

11 electronic signatures of names in said list stores; 

12 replicatable agents in applications containing 

13 signatures specifying name of signatory and 

14 corresponding electronic signature for comparison with 

15 said downloadable cross certificates; 

16 agent execution code and agent management services for 

17 activating agents dependent upon successful comparison 

18 of signatures to cross certificates. 

1 3 . [Currently amended] A server system for preparing 

2 security context elements for distribution to clients, 
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3 comprising: 

4 application code; 

5 agent code referenced by said application code and 

6 including signatures specifying name and corresponding 

7 electronic signature of signatories authorized to use 

8 said agent code; 

9 a group list store for storing names of authorized 

10 signatories; 

11 agent execution code and agent management services for 

12 activating agents dependent upon successful comparison 

13 of signatures to cross certificates; and 

14 a downloadable cross certificate store for storing 

15 cross certificates for each user or organization listed 

16 in said group list store and selected for downloading. 

1 4. [Currently amended] A client system for using security 

2 context elements distributed from a server with respect to 

3 downloadable application code, comprising: 



LOT920000012US1 



7 



S/N 09/596,282 



4 a client side rendition of a server application using a 

5 signed agent; 

6 said signed agent including signatures specifying name 

7 and corresponding electronic signature of signatories 

8 authorized to use said agent code; 

9 a group list store for storing names of signatories; 

10 a cross certificate store for storing certificates for 

11 signatories in said group list store; 

12 agent execution code and agent management services for 

13 activating said signed agent dependent upon successful 

14 comparison of signatures to cross certificates. 

1 5. [Original] The client system of claim 4, further 

2 comprising: 

3 said agent execution code being responsive to scheduled 

4 or on-demand access to said signed agent for first 

5 accessing said server to update said group list store 

6 and said cross certificate store. 
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1 6. [Original] The client system of claim 5, further 

2 comprising: 

3 said group list store storing the union of names of 

4 signatories authorized to execute agents referenced by 

5 applications downloadable from a plurality of servers. 

1 7. [Original] The client system of claim 6, further 

2 comprising : 

3 said group list store comprising a restricted group 

4 store and an unrestricted group store. 

1 8. [Original] The client system of claim 7, further 

2 comprising: 

3 said agent execution code being operable responsive to 

4 authentication of said signature in said signed agent 

5 for determining the execution level allowed and being 

6 operable responsive to failure of authentication of 

7 said signature for preventing execution of said agent 

8 code . 

1 9. [Currently amended] A method for governing execution 
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2 of downloadable and distributable signed agents 

3 characterized by security context elements, comprising the 

4 steps of: 

5 determining that said signed agent is scheduled or 

6 selected for execution; 

7 validating a signature in said signed agent against a 

8 store of downloadable cross certificates; and 

9 activating agent management seirvices for enabling 

10 execution of executin g said signed agent only 

11 responsive to validation of said signature. 

1 10. [Original] The method of claim 9, further comprising 

2 the steps of : 

3 replicating from a first server an application 

4 referencing said signed agent; and 

5 responsive to determining that said signed agent is 

6 scheduled or selected for execution, accessing said 

7 first server to update said store of downloadable cross 

8 certificates and thereafter validating said signature. 
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1 11. [Original] The method of claim 10, further comprising 

2 the steps of: 

3 replicating from a second server a second application 

4 referencing a second signed agent; 

5 maintaining a unionized group list store of names of 

6 signatories authorized to execute signed lists; and 

7 responsive to determining that either said signed agent 

8 or said second signed agent is scheduled or selected 

9 for execution, first accessing the said first server or 

10 said second server from which said scheduled or 

11 selected agent was downloaded to update said unionized 

12 group list store. 

1 12 , [Currently amended] A program storage device readable 

2 by a machine, tangibly embodying a program of instructions 

3 executable by a machine to perform method steps for 

4 governing execution of downloadable and distributable signed 

5 agents characterized by security context elements, said 

6 method steps comprising: 
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7 determining that said signed agent is scheduled or 

8 selected for execution; 

9 validating a signature in said signed agent against a 

10 store of downloadable cross certificates; and 

11 activating agent management services for enabling 

12 execution of executing said signed agent only 

13 responsive to validation of said signature. 

1 13. [Original] The program storage device of claim 12, 

2 said method steps further comprising: 

3 replicating from a first server an application 

4 referencing said signed agent; and 

5 responsive to determining that said signed agent is 

6 scheduled or selected for execution, accessing said 

7 first server to update said store of downloadable cross 

8 certificates and thereafter validating said signature. 

1 14. [Currently amended] The program storage device of 

2 claim 13, said method steps further comprising: 
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3 replicating from a second server a second application 

4 referencing a second signed agent; 

5 maintaining a unionized group list store of names of 

6 signatories authorized to execute sign e d lists signed 

7 agents ; and 

8 responsive to determining that either said signed agent 

9 or said second signed agent is scheduled or selected 

10 for execution, first accessing the said first server or 

11 said second server from which said scheduled or 

12 selected agent was downloaded to update said unionized 

13 group list store, 

14 15. [New] A client system for using security context 

15 elements distributed from a server with respect to 

16 downloadable application code, comprising: 

17 a client side rendition of a server application using a 

18 signed agent; 

19 said signed agent including signatures specifying name 

20 and corresponding electronic signature of signatories 

21 authorized to use said agent code; 
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22 a group list store for storing names of signatories; 

23 a cross certificate store for storing certificates for 

24 signatories in said group list store; 

25 agent execution code for activating said signed agent 

26 dependent upon successful comparison of signatures to 

27 cross certificates; 

28 said agent execution code being responsive to scheduled 
2 9 or on-demand access to said signed agent for first 

30 accessing said server to update said group list store 

31 and said cross certificate store; and 

32 said group list store storing the union of names of 

33 signatories authorized to execute agents referenced by 

34 applications downloadable from a plurality of se2rvers. 

1 16. [New] The client system of claim 15, further 

2 comprising: 

3 said group list store comprising a restricted group 

4 store and an unrestricted group store. 
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1 17. [New] The client system of claim 16, further 

2 comprising: 

3 said agent execution code being operable responsive to 

4 authentication of said signature in said signed agent 

5 for determining the execution level allowed and being 

6 operable responsive to failure of authentication of 

7 said signature for preventing execution of said agent 

8 code . 

1 18. 9. [New] A method for governing execution of 

2 downloadable and distributable signed agents characterized 

3 by security context elements, comprising the steps of: 

4 determining that said signed agent is scheduled or 

5 selected for execution; 

6 validating a signature in said signed agent against a 

7 store of downloadable cross certificates; 

8 executing said signed agent only responsive to 

9 validation of said signature; 

10 replicating from a first server an application 
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11 referencing said signed agent; 

12 responsive to determining that said signed agent is 

13 scheduled or selected for execution, accessing said 

14 first server to update said store of downloadable cross 

15 certificates and thereafter validating said signature; 

16 replicating from a second server a second application 

17 referencing a second signed agent; 

18 maintaining a unionized group list store of names of 

19 signatories authorized to execute signed lists; and 

2 0 responsive to determining that either said signed agent 

21 or said second signed agent is scheduled or selected 

22 for execution, first accessing the said first server or 
- 23 said second server from which said scheduled or 

24 selected agent was downloaded to update said unionized 

25 group list store. 

1 19. [New] A program storage device readable by a machine, 

2 tangibly embodying a program of instructions executable by a 

3 machine to perform method steps for governing execution of 

4 downloadable and distributable signed agents characterized 
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5 by security context elements, said method steps comprising: 

6 determining that said signed agent is scheduled or 

7 selected for execution; 

8 validating a signature in said signed agent against a 

9 store of downloadable cross certificates; 

10 executing said signed agent only responsive to 

11 validation of said signature; 

12 replicating from a first server an application 

13 referencing said signed agent; and 

14 responsive to determining that said signed agent is 

15 scheduled or selected for execution, accessing said 

16 first server to update said store of downloadable cross 

17 certificates and thereafter validating said signature; 

18 replicating from a second server a second application 

19 referencing a second signed agent; 

2 0 maintaining a unionized group list store of names of 

21 signatories authorized to execute signed agents; and 
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22 responsive to determining that either said signed agent 

23 or said second signed agent is scheduled or selected 

24 for execution, first accessing the said first server or 

25 said second server from which said scheduled or 

2 6 selected agent was downloaded to update said unionized 

27 group list store. 
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